These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-12851 is a critical vulnerability in GeoVision GV-I/O Box 4E 2.09, involving multiple OS command injection vulnerabilities in the libNetSetObj.so library. This library is used by various binaries to configure the network stack. An attacker can exploit this vulnerability by sending a specially crafted network packet to trigger command execution. The vulnerability exists in the CNetSetObj::m_F_n_Se [truncated]
CVE-2026-12850 is a critical vulnerability with a CVSS score of 9.1, indicating a high severity level. The vulnerability exists in the libNetSetObj.so library used by various binaries on the GeoVision GV-I/O Box 4E 2.09 device to configure the network stack. An attacker can exploit this vulnerability by sending a specially crafted network packet to trigger command execution. The vulnerability is caused by [truncated]
CVE-2026-12849 is a critical vulnerability in GeoVision GV-I/O Box 4E 2.09, involving multiple OS command injection vulnerabilities in the libNetSetObj.so library. An attacker can exploit this by sending a specially crafted network packet to execute commands. The vulnerability is reachable through both the network-exposed DVRSearch service and the Network.cgi endpoint. The libNetSetObj.so library is used [truncated]
CVE-2026-12848 is a critical stack overflow vulnerability in the GV-I/O Box 4E, a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. The vulnerability exists in the DVRSearch service, which runs by default on the IOBox and listens for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receivi [truncated]
CVE-2026-12847 is a critical stack overflow vulnerability in the GV-I/O Box 4E, a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. The vulnerability exists in the DVRSearch service, which listens for UDP messages on port 10001 and is running by default on the IOBox. Any user on the network can send messages to this service and interact with it. Upon r [truncated]
The CVE-2026-12846 vulnerability is a critical stack overflow issue in the GV-I/O Box 4E, a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. The DVRSearch service, running by default on the IOBox, listens for UDP messages on port 10001 and is vulnerable to a stack overflow attack. An attacker can send a specially crafted UDP message to the service, po [truncated]
CVE-2026-12486 is a critical vulnerability in GeoVision GV-I/O Box 4E 2.09, involving multiple OS command injection vulnerabilities in the libNetSetObj.so library. This library is used by various binaries to configure the network stack. An attacker can exploit this vulnerability by sending a specially crafted network packet to trigger command execution. The vulnerability exists in the CNetSetObj::m_F_n_Se [truncated]
CVE-2026-12485 is a critical stack overflow vulnerability in the GV-I/O Box 4E, a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. The vulnerability exists in the DVRSearch service, which runs by default on the IOBox and listens for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receivi [truncated]
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the frontend restrictions.
CVE-2026-7161 is a critical vulnerability in GeoVision's GV-IP Device Utility 9.0.5. The Device Authentication functionality has insufficient encryption, allowing an attacker on the same LAN to listen to broadcast traffic, decrypt credentials, and gain full control over device configuration. The vulnerability has a CVSS score of 9.3 and was published on May 4, 2026.
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
A critical stack-based buffer overflow vulnerability exists in the WebCam Server component of GV-VMS V20 video monitoring software. The vulnerability resides in the `gvapi` endpoint's base64 decoding routine, where a dynamically sized decoded string is copied to a fixed 256-byte stack buffer without bounds checking. An attacker can exploit this by sending an HTTP request with a maliciously crafted Authori [truncated]
CVE-2026-42368 is a critical privilege escalation vulnerability in GeoVision LPC2011/LPC2211 version 1.10. The vulnerability exists in the Web Interface functionality and can be triggered by a specially crafted HTTP request, allowing an attacker to execute privileged operations by visiting a webpage.
A medium-severity privilege escalation vulnerability, CVE-2026-42367, exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. This vulnerability allows a specially crafted HTTP request to lead to a credentials leak. An attacker can exploit this vulnerability by visiting a webpage.
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can bruteforce session cookies to trigger this vulnerability.
A critical os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. This vulnerability, tracked as CVE-2026-42364, can be exploited by modifying a configuration value, allowing an attacker to execute arbitrary commands. The vulnerability has a CVSS score of 9.9 and is considered critical.
An insufficient encryption vulnerability in GeoVision GV-IP Device Utility 9.0.5 allows credential theft via passive network monitoring. The utility broadcasts privileged commands over UDP with username and password encrypted using a Blowfish-derived protocol, but the symmetric encryption key is transmitted in the same packet. An attacker on the same LAN can capture broadcast traffic and decrypt credentia [truncated]